Europe’s New Defenses Against NSA Spying Will Crimp Prosperity and Security
Europe’s loss of trust in the United States over Edward Snowden’s revelations of massive surveillance by the National Security Agency (NSA) is now building into a wave of proposals – for new data protection rules, and for Europe-specific Internet and communications networks – that threaten to crimp the openness of the global Internet that makes it an enabler of economic growth and innovation.
Preventing those defensive moves, and the damage they would inflict on transatlantic commerce and security cooperation, requires an urgent effort by the US policymakers. Fortunately for them, a narrow window for action remains open because Europe’s governments have needed time to reach their own consensus about how to shape the new rules. The political distractions of the European Parliament elections in May will likely extend the window briefly.
But the Obama administration has shown no understanding of the need to move with anything like the boldness or speed required to show Europe that it can be a partner, rather than a threat, to Europeans’ efforts to secure the basic privacy of for their data. For months, US policymakers have appeared unable to see, or willing to ignore, the European anger and transatlantic strains caused by PRISM, the massive data surveillance program concocted by the NSA and revealed by Snowden.
Washington’s disconnect on the issue has widened since Snowden’s revelation in October that the NSA for years tapped the cellphone of German Chancellor Angela Merkel. The former German diplomat and chairman of the Munich Security Conference, Wolfgang Ischinger, warned on November 1 that “broken trust and [Merkel’s] personal humiliation” had brought transatlantic relations to their lowest point since the Iraq War. (Ischinger is a member of the Atlantic Council’s board of directors.)
At this month’s Munich conference, countless Europeans reinforced Ischinger’s point, telling Americans to expect no return to the cooperative “business as usual” that existed before Snowden revealed how intrusively the NSA spies on America’s friends.
If left unattended, Europe’s anger will damage two vital elements of a shared transatlantic future — prosperity and security. The most discussed impact on economic relations is the weakening of hopes for a Transatlantic Trade and Investment Partnership (TTIP), under negotiation between the EU and US since last year. The European Parliament’s justice committee this month asked the full parliament to consider a declaration that it “will only consent to the final TTIP agreement provided the agreement fully respects fundamental rights,” including for the protection of personal data.
Prosperity also could suffer from a range of proposals – by governments, the private sector, and European institutions – to defend Europeans’ data. Chancellor Merkel said this month she would discuss with French President Francois Hollande the creation of a “safe communications network” (safe against US surveillance) across the European Union. Such region-specific institutions risk weakening the global character that makes the Internet an enabler of economic growth, cultural exchange, and innovation – all attributes that Europe needs to revive its economy.
Private companies are enlisting the support of their governments in creating national or regional cloud-computing initiatives. While EU institutions oppose fragmented national efforts to supplant US providers, the European Commission aims to turn the EU into the “world’s leading ‘trusted cloud region’.”
Europeans see US cloud and Internet service providers as conspirators with the US government, a perception that has damaged those firms’ appeal to European consumers. European companies have turned public anger to their competitive advantage.
While Europeans rightly demand that their standards for data privacy and protection be respected, this should be achieved via measures that don’t push US companies out of the European market.
This wave of Internet isolationism will cost US cloud computing industry between $22 billion and $35 billion by 2016, estimates the Information Technology and Innovation Foundation.
The impact on European businesses will be comparable, and perhaps more long lasting. Regional entrepreneurship and innovation efforts can cater to Europeans’ short-term needs. But as globalization and innovation go hand-in-hand, Europe-only solutions won’t be able to replicate the successes of Silicon Valley. A continent isolated from global innovation and economies of scale is by definition limiting its technological and economic potential.
The second collateral victim of the NSA spying revelations is transatlantic cooperation on counter-terrorism. That cooperation has grown since 2001, through agreements on the Terrorist Finance Tracking Program (TFTP) and the EU-US sharing of airline passenger name records. The EU Commission has proposed reviewing those agreements, and the European Parliament has voted to suspend TFTP.
The NSA revelations also raise immediate security concerns. Exposure of methods of online intelligence gathering was a gift to terrorist groups that may help them avoid vulnerable communications.
If trust, cooperation, and transparency are not restored, both sides of the Atlantic have a lot to lose in the wave of counterproductive ideas prompted by the NSA’s surveillance. Challenges to data protection must be addressed by a dispassionate debate on the interplay between privacy, data protection, and national security on each side of the Atlantic. (European governments have been requesting private information from social media providers to an extent comparable to that in the United States, underscoring that privacy issues remain unresolved in both polities.)
Those separate debates must be complemented by a cross-Atlantic framework to protect personal privacy based on common principles. The United States and Europe for decades have built common ground to foster cooperation and commerce – a success that must not be derailed by the current trough in transatlantic relations.
The national security challenges must be addressed in a way that keeps the Internet open and borderless. As European institutions defend their high standards of data protection, they must steer clear of proposals that undermine smooth data transfers and the operation of American companies in Europe.
The international discussion that the revelations started has a potential to influence issues that until now existed outside the public sphere. Leaders on both sides of the Atlantic share the responsibility to restore trust and cooperation.
Klara Tothova Jordan is an assistant director of the Cyber Statecraft Initiative at the Council’s Brent Scowcroft Center on International Security.